Thomas Roessler wrote:
> With respect to usability, this approach to scoping
> quite consciously pushes one of the really hard
> problems to the sidelines for the moment: How do you
> get users out of routine? How do you wake them up, so
> they become vigilant in the first place?

A solution that requires users to be vigilant is
unlikely to succeed. Security *should* be routine. If
it requires conscious thought, it is a bug.

> But please don't repeat over and over (together with
> Chris Drake) that "the problem can't be broken into
> pieces." This is not helpful at all.

Of course the problem can be broken into pieces - but
not pieces that suit application and organizational
boundaries.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
KR7GR+AE0d5uqnofH6Cx4xQvR0yE8EtGMjoH7pOG
4zNjtYPLN+Yo6Q4t6wRSlaGZIGoI/lTg9LqG0nP3t